CVE Catalog

CVE-2026-52967

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile — higher than 32% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the SMB client subsystem that can cause an infinite loop and out-of-bounds read in the symlink_data() function. The issue occurs on 32-bit architectures when the ErrorDataLength field is set to specific large values (0xfffffff8 or 0xfffffff0), leading to incorrect pointer arithmetic.

Risk Assessment

An attacker could exploit this vulnerability to cause a system hang (infinite loop) or read memory beyond the allocated buffer, potentially leading to sensitive data leakage or further privilege escalation.

Recommendation

Immediately update the Linux kernel to a version containing the fix for CVE-2026-52967. Monitor official security advisories from your Linux distribution and apply the patch as soon as possible.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 *next = p->ErrorContextData + len next == p On 32-bit architectures, the out-of-bounds read is as follows: len = p->ErrorDataLength == 0xfffffff0 u8 *next = p->ErrorContextData + len next == (u8 *)p - 8

Vulnerability data from NVD (NIST) · CISA KEV · EPSS